
John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

There’s always been some really interesting discussion about EHR vendors selling the data from their EHR software. Turns out that many EHR vendors and other healthcare entities are selling de-identified healthcare data now, but I haven’t heard much public outcry over them doing it. Is it because the public just doesn’t realize it’s happening, or because the public is OK with de-identified data being sold? I’ve heard many argue that they’re happy to have their de-identified data sold if it improves public health or if it gives them a better service at a cheaper cost.

However, a study coming out of Canada has some interesting results when it comes to uniquely identifying people from de-identified data. The only data they used was date of birth, gender, and full postal code data. “When the full date of birth is used together with the full postal code, then approximately 97% of the population are unique with only one year of data.”

One thing that concerns me a little about this study is that postal code is a pretty unique identifier. Take out postal code and you’ll find very different results. Why? Because a lot of people share the same birthday and gender. However, the article does offer a reasonable suggestion based on the results of the study:

“Most people tend to think twice before reporting their year of birth [to protect their privacy] but this report forces us all to think about the combination or the totality of data we share,” said Dr. El Emam. “It calls out the urgency for more precise and quantitative approaches to measure the different ways in which individuals can be re-identified in databases – and for the general population to think about all of the pieces of personal information which in combination can erode their anonymity.”

To me, this is the key point. It’s not about creating fear and uncertainty that has no foundation, but to consider more fully the effect on patient privacy of multiple pieces of personal information in de-identified patient data.
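As an added illustration (not part of the original post or the study), the Python sketch below measures how many records are unique under different combinations of the three fields the study used: date of birth, gender, and postal code. The records are constructed sample data, and the function names and the choice of generalization (birth year plus the first three characters of the postal code) are assumptions made for this example.

```python
from collections import Counter

# Constructed sample records, not real data: (date_of_birth, sex, postal_code)
RECORDS = [
    ("1975-03-14", "F", "K1A 0B1"),
    ("1975-03-14", "F", "K1A 0B2"),
    ("1975-03-14", "F", "K1A 0C3"),
    ("1975-08-02", "M", "K1A 0B1"),
    ("1975-11-30", "M", "K1A 0B1"),
    ("1982-06-21", "F", "M5V 2T6"),
    ("1982-06-21", "F", "M5V 3L9"),
    ("1982-01-09", "M", "M5V 2T6"),
    ("1982-09-17", "M", "M5V 1J2"),
    ("1982-06-21", "F", "M5V 2T6"),  # shares all three fields with an earlier row
]

# Each view maps a record to the quasi-identifier tuple a data recipient would see.
VIEWS = {
    "dob+sex+postal": lambda r: (r[0], r[1], r[2]),
    "dob+sex": lambda r: (r[0], r[1]),
    # Generalized: birth year only, postal code cut to its first three characters
    "year+sex+postal3": lambda r: (r[0][:4], r[1], r[2][:3]),
}

def class_sizes(records, view):
    """Count how many records fall into each quasi-identifier combination."""
    return Counter(view(r) for r in records)

def fraction_unique(records, view):
    """Share of records whose quasi-identifier combination occurs exactly once."""
    sizes = class_sizes(records, view)
    return sum(1 for r in records if sizes[view(r)] == 1) / len(records)

def smallest_class(records, view):
    """Size of the smallest group (the k in k-anonymity); 1 means someone is unique."""
    return min(class_sizes(records, view).values())

def report(records):
    """Return {view name: (fraction unique, smallest class size)} for every view."""
    return {name: (fraction_unique(records, v), smallest_class(records, v))
            for name, v in VIEWS.items()}

if __name__ == "__main__":
    for name, (frac, k) in report(RECORDS).items():
        print(f"{name:18s} unique={frac:.0%}  smallest group={k}")
```

On this sample, dropping the postal code lowers uniqueness but still leaves singled-out records; only the generalized view puts every record in a group of at least two.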

D. Kellus Pruitt,
I thought you were the security and privacy nazi or am I remembering wrong?

Turns out, the same is generally true for patient records too. Although, there are a few cases where it does matter. In fact, in a few cases it matters a lot. The most common is the insurance companies abusing you based on your medical history.

I think you agree that without privacy, EHRs will never be trusted by doctors or patients. And if EHRs aren’t trusted – and it’s pretty obvious that they are not – will they ever reach their potential?

I’ve always maintained that because of the fundamental difference in content, dental records without PHI and health histories can be shared freely virtually without risk. The same can never be said about even de-identified medical records.

It’s the “one size fits all” nazis who are stubbornly holding dentistry back from interoperable Practice-Based Research. If HHS could think laterally for once, solutions to painful and even life-threatening diseases of dental origin just might become available long before EMRs safely give anything back to society.

If PHI were removed from EDRs – including medical histories – it would virtually eliminate all liability. Such risk-free interoperability will never happen with medical records.

Leon Rodriguez, formerly chief of staff and deputy assistant attorney general for the Department of Justice Civil Rights Division, became director of HHS’ Office for Civil Rights in early September.

In an article posted on GovInfoSecurity.com just now, Howard Anderson says Rodriguez emphasizes that privacy and security are issues that “really matter to me personally and really matter to the secretary [of HHS]. So we’re going to be serious about our enforcement work and no less serious about making sure that we educate everybody out there, both covered entities and patients, about what the requirements are for health information privacy.” http://www.govinfosecurity.com/podcasts.php?podcastID=1258

I am interested in knowing how readers answer John’s question re position on use of de-identified data. My guess is that people don’t know it’s going on and will object to it happening in principle.

Securing PHI feels a lot like Y2K. No doubt breaches occur, and, when they do, they are certainly costly for the offending HCO, but how many examples are there of leaked information being used to harm someone? Seems like the same proscriptions vs. extortion, blackmail, and libel would prevent individuals from using illegally obtained PHI to harm patients.

In fact, the odds that there is a Person A who wishes to harm Person B AND who somehow comes up with Person B’s sensitive PHI AND is able to use it to harm Person B without Person B having ample legal recourse against Person A are hopelessly LONG. Breaches of thousands/hundreds of thousands/millions of records are too large and unspecific to be “used” for nefarious purposes.

We need to secure PHI, but we are hoisting ourselves on our own petards if we let legitimate concerns about the use of patient data block or slow our adoption of EMRs and HCIT for ACOs and PCMHs. Just as there are real benefits associated with use of de-id’ed patient data, there are (significant, hidden) costs with not sharing health data.

The irony here is that the most common, undeniably harmful use of sensitive PHI has been to deny coverage to patients with pre-existing conditions. Kind of makes sense. It is, after all, health information.

Following is a relevant excerpt from that Guide, detailing HIPAA regulations around de-identified data:

“Like PHI, the use of de-identified information is also governed by HIPAA. De-identified information is “health information that does not identify an individual and with respect to which there is no reasonable basis to believe that the information can be used to identify an individual.” De-identified information is not PHI under the HIPAA Privacy Rule. As a result, de-identified information may be shared without restriction…

… “HIPAA defines two routes by which a Covered Entity may properly de-identify data:
(1) the “Safe Harbor” method, and (2) through professional statistical analysis.

“Removing all 18 of these identifiers, as specified by the Safe Harbor method, makes the data much less useful for analyzing health trends over time or for surveillance of health conditions, such as influenza outbreaks or cancer clusters that occur in smaller geographic areas.

“The second method of de-identification permitted under HIPAA requires that a qualified statistician determine and certify that the likelihood of conclusively re-identifying any single person in the data set is “very small” (less than 4 percent) using the information alone or in combination with other reasonably available information. These findings must be certified by a statistician who has appropriate knowledge and experience of generally accepted scientific principles and methods for rendering information not identifiable.”

Kyle,
That was incredibly good information. Glad that HIPAA is covering that. I wonder how many people know about the last part about getting a statistician to find that the likelihood of re-identifying someone is so small. I have a feeling many are missing that part in their de-identification process.
